README
¶
coder-xray
- Query Artifactory for image vulnerability on workspace startup.
- Inform users when they are using a vulnerable image.
Usage
Apply the Helm chart to start monitoring workspaces:
helm repo add coder-xray https://helm.coder.com/coder-xray
--namespace coder \
helm install coder-xray coder-xray/coder-xray \
--set coder.url="https://<your-coder-url>" \
--set coder.secretName="<your coder token secret>" \
--set artifactory.url="https://<your-artifactory-url>" \
--set artifactory.secretName="<your artifactory secret>"
For a detailed step by step guide, see the scanning coder workspaces with xray guide.
Note For additional customization (such as customizing the image, details on creating a secret, etc.), you can use the values.yaml file directly.
Requirements:
In order to use this service the following is required:
- A Coder API token with at least Template Admin privileges
- An Artifactory token
How?
Kubernetes provides an informers API that streams pod and event data from the API server.
coder-xray listens for pod creation events with containers that have the CODER_AGENT_TOKEN environment
variable set. All matching pods/containers are then queried against the provided Artifactory instance and
any XRay results are then pushed to the provided Coder deployment.
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
package jfrog contains an abstraction for interfacing with an JFrog artifactory instance.
|
package jfrog contains an abstraction for interfacing with an JFrog artifactory instance. |
|
Package reporter is a generated GoMock package.
|
Package reporter is a generated GoMock package. |
Click to show internal directories.
Click to hide internal directories.